Google has seen a 33% year-on-year spike in nation state attempts to compromise its customers so far in 2021, the tech giant revealed yesterday.
Security engineer Ajax Bash claimed that in the year-to-date, Google’s Threat Analysis Group (TAG) had sent over 50,000 warnings to customers that their account was the target of government-backed phishing or malware attempts.
The main reason for the increase in attacks was an “unusually large” campaign attributed to the notorious Kremlin-backed actor known as Fancy Bear (APT28).
“We intentionally send these warnings in batches to all users who may be at risk, rather than at the moment we detect the threat itself, so that attackers cannot track our defense strategies,” Bash explained.
“On any given day, TAG is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries. This means that there is typically more than one threat actor behind the warnings.”
The news follows a similar update from Microsoft last week in which the tech giant revealed that Russia accounted for the majority (58%) of alerts it sent customers over the past year. APT29 (Cozy Bear) generated the vast majority (92%) of these notifications.
Microsoft said it had sent around 20,000 alerts relating to nation-state attacks, far fewer than Google’s tally over the past three years.
Google has been sending out these warnings for nearly a decade now and has an Advanced Protection Program for those who believe they may be a significant target, such as journalists and rights activists.
Also, in the blog post, Bash detailed the latest campaign from Iranian state group APT35, which tried last year to disrupt the US election by targeting Presidential campaign staff.
One of its tried-and-tested techniques is to compromise legitimate sites with phishing kits and send email messages to targets with links to those sites. It’s also been observed uploading spyware hidden in normal-seeming VPN software on Google Play.